Many U.S. cities are seeking to move forward with implementing new Internet of Things (IoT) and smart city technology. Smart city applications are developed to manage urban flows and allow for real-time responses. However, they are being slowed down by the lack of cybersecurity accompanying new systems and applications.
Expert Eyal Elyashiv is CEO and Co-founder of Cynamics, a company looking to solve these types of cybersecurity problems. Eyal shares with Digital Journal what type of attacks could be in development and how the government can best prevent them.
Digital Journal: How serious are cybersecurity issues for both businesses and consumers?
Eyal Elyashiv: Cybersecurity has always been an issue for businesses and consumers since the digital age began. In 2019 alone, hackers accessed over 7.9 billion consumer records. The severity and critical nature of cybersecurity are increasing because of the growing focus on interconnectivity, the proliferation of smart devices, and other digital conveniences that improve the customer experience to cater to the ‘NOW economy’. These tech innovations also create additional network vulnerabilities that widen the opportunity for bad actors to profit from cyberattacks, such as ransomware, where clean up costs and lost revenues can be 100 times greater than paying the ransom.
Reliance on cloud computing to run software and solutions is also fundamentally changing the way organizations and cities treat cybersecurity. There was a time where security was considered an afterthought to a product or solution, and now many have begun employing “security by design,” where security is now considered in parallel with each development phase of a new product or solution to keep businesses and consumers safe.
DJ: What are the main cybersecurity concerns for smart city projects?
Elyashiv: The main cybersecurity concerns for smart city projects are the sheer amount of new attack vectors. These are created through interconnected systems and added sensors, as well as the growing amount of data that will constantly be transmitted across these networks as a result. In a regular municipal network environment, a malicious actor could install malware on a police department’s system, for example, and only access the information in that department. This used to be a contained issue in the past, but today smart cities built on connected infrastructure will allow those same bad actors to also gain access to other aspects of city and government systems, such as energy grids, smart traffic cameras and other IoT devices connected to police departments as well.
This is particularly dangerous because of how prominent and effective ransomware attacks have been on cities in recent months, including New Orleans, Pensacola, and many others. There were more than 70 ransomware attacks against state and local governments in 2019, compared to the 54 noted attacks in 2018. Since the ‘ransom’ is set by the hacker, more access to critical infrastructure in smart cities that can put data and potentially real lives at stake could escalate the severity of these demands moving forward. Adding to this concern is the fact that both historically and presently, these municipalities have limited cybersecurity budgets and cannot afford a solution capable of offering full visibility of their ever-growing networks. This is a well-known problem, which is why the U.S. Senate unanimously passed the State and Local Government Cybersecurity Act in November 2019 to try and help small government obtain grants to help them protect against these attacks.
DJ: Where are the main cybersecurity risks coming from? Has the Iranian crisis exacerbated this?
Elyashiv: The main cybersecurity risks stem from ransomware strains, such as Maze Ransomware, which was behind the recent New Orleans’ attack that has cost the city over $7M. The Iranian crisis adds to the potential risk of ransomware attacks because it is so much easier and conspicuous to execute cyberwarfare than engage in physical war activities. With smart cities in the mix, there is the potential to shut down entire U.S. governments without leaving their desk.
DJ: How are security concerns slowing down IoT innovation?
Elyashiv: Due to how vulnerable cities feel about impending ransomware attacks as a result of a lack of budget to adequately protect their infrastructure, IoT and smart city initiatives are often stuck in ‘pilot purgatory’. This refers to companies that cannot move from the test phase to true implementation because at present it would cause too many risks with regard to civilian safety and the protection of sensitive government data. Cities must gain full visibility into their networks at all times in order to confidently protect themselves from this growing threat.
DJ: What can be done to reduce the likelihood of attacks?
Elyashiv: The majority of recent cyberattacks on cities can be attributed to ransomware threats, and the only way to prevent them is to fully monitor the network 24/7 to spot anomalies before the systems are fully infected. Ransomware is dangerous because once it has penetrated the system the damage is already done whether you pay the ransom or not. Even if a city doesn’t pay the ransom, the cost of gaining back control of the systems can cost millions in lost revenues and damages.
Baltimore is an unfortunate example of this when they chose not to pay a 13 Bitcoin ransom and it cost them $18 million to regain full operations. In order to fully monitor a network and defend these types of attacks, cities must invest in AI cybersecurity solutions that are capable of not only providing full visibility but scaling at a rate that keeps up with smart network growth. Current solutions are unable to fully monitor the network at a cost within municipal cybersecurity budgets.
DJ: Who should be driving security – governments or businesses?
Elyashiv: To keep up with the massive scale of smart networks, both the government and businesses must drive security initiatives at the same time. It’s terrific that the federal government is proposing legislation to provide increased funds for small government cybersecurity, but it is the responsibility of businesses to be innovative and leverage new technologies, such as AI, to improve network visibility and lower the cost of solutions. AI is widely regarded as the latest technology driving the arms race between hackers and the cybersecurity solutions built to defend against them. Hackers have already proven successful with AI attacks, albeit rudimentary in nature thus far. Cyber companies must become more adept at AI than their adversaries in order to keep their clients’ networks safe.
DJ: What services does Cynamics provide?
Elyashiv: Cynamics is the only network performance monitoring & diagnostics (NPMD) company capable of offering 100 percent network visibility from small traffic samples, as well as providing optimization and cybersecurity protection specifically built for vulnerable and budget-strapped smart cities and municipalities. The only way to actively monitor smart networks as they emerge is to gain entire visibility without having to monitor the entire network from a small sampling of data at each layer. Cynamics ensures that municipalities never have to choose between cost and adequate visibility and security again.